Errata overview
Errata ID 580
Date 2019-09-11
Source package libxslt
Fixed in version 1.1.29-2.1+deb9u1
This update addresses the following issues:
* xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL
* An xsl number with certain format strings could lead to a uninitialized
  read in xsltNumberFormatInsertNumbers (CVE-2019-13117)
* Read of uninitialized stack data due to too narrow xsl:number instruction
  and an invalid character (CVE-2019-13118)
Additional notes
CVE ID CVE-2019-11068
UCS Bug number #50157